Hi,
I generated new certs.
The operation from the plugin worked.
It generated a lot of stuff in /etc/letsencrypt (mostly .pem)
... but I don't have any new certificate in the certificate section of the OMV web UI.
How can I use this new cert?

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session. This enables HTTPS name-based virtual hosting to separate backend servers without installing the private key on the proxy machine.

Example use case:
Our domain is domain.tld with 2 services. The first is OMV running on port 10443, the other is couchpotato running on port 5050 under the subdomain couchpotato.domain.tld.

Install SNI Proxy and edit the following code blocks to get the following:
Both of your services will respond on the standard 443 port.
All Let's Encrypt authentication will happen on a single webroot regardless of where the subdomain resides.

/etc/sniproxy.conf

# sniproxy example configuration file
# lines that start with # are comments
# lines with only white space are ignored

user daemon

# PID file
pidfile /var/run/sniproxy.pid

error_log {
    # Log to the daemon syslog facility
    #syslog daemon

    # Alternatively we could log to file
    filename /var/log/sniproxy/sniproxy.log

    # Control the verbosity of the log
    priority notice
}

# blocks are delimited with {...}
listen 80 {
    proto http
    table http_hosts
    # Fallback backend server to use if we can not parse the client request
    fallback localhost:10080

    access_log {
        filename /var/log/sniproxy/http_access.log
        priority notice
    }
}

listen 443 {
    proto tls
    table https_hosts
    fallback 127.0.0.1:10443 #This says that if no matching redirect is found, connect to OMV

    access_log {
        filename /var/log/sniproxy/https_access.log
        priority notice
    }
}

# named tables are defined with the table directive
table http_hosts {
    .*\.domain\.tld/\.well-known/.* localhost:80
}

# named tables are defined with the table directive
table https_hosts {
    # When proxying to local sockets you should use different tables since the
    # local socket server most likely will not autodetect which protocol is
    # being used
    #example.org unix:/var/run/server.sock
    couchpotato.domain.tld localhost:5050
}

# if no table specified the default 'default' table is defined
table {
    # if no port is specified default HTTP (80) and HTTPS (443) ports are
    # assumed based on the protocol of the listen block using this table
}

Remove "SSL InsecurePlatform" Warning
The Debian dependencies needed to remove this warning are in wheezy-backports, so they will not be included until OMV 3.0.
However, if the warning bothers you or prevents a cert from generating, it can be removed with the following commands:

apt-get install python-pip
pip install -U pip
pip install -U pyopenssl ndg-httpsclient pyasn1

My OMV is behind my router, so where should the SNI proxy be installed?

Hello, I need some help with letsencrypt for my Nextcloud server.
I've created 2 host names with no-ip: one for my OMV panel, and the second one for Nextcloud. Nextcloud works very well with the Nginx and MySQL plugin. The only thing I need is a second letsencrypt certificate for my second hostname. The http version works flawlessly. When I add the second domain name to letsencrypt, nothing happens. I've added an image for help.
Does anyone know how to add multiple certificates? Thanks in advance!

You must disable the certificate in your nginx and probably in your OMV web page. At the moment when you create a new certificate, you don't use the old letsencrypt certificate on every nginx plugin or OMV.

I need the certificate for some services not running on Port 443. I do not want to expose the Web-Interface to the web.
I think, that will be similar for other users.
Thus, I intend to open 443 just for the renewal of the certificate and this is done with upnpc.

Is that clearer now?

Regards,
Hendrik

Oh, I understand now! I made the ridiculous assumption that you wouldn't be using it for anything other than your OMV control panel. That was stupid on my part. Sorry about that.

Hey there.
I have an installation of omv 3.0.88 running and I try to install the plugin. But I get an error saying
"The following packages have unmet dependencies:
openmediavault-letsencrypt : Depends: certbot but it is not installable
E: Unable to correct problems, you have held broken packages."
And I cannot install certbot either since it is apparently not a valid package... I am puzzled at this stage how to get the plugin installed now... any suggestions anyone?

Hello, I need some help with letsencrypt for my Nextcloud server.
I've created 2 host names with no-ip: one for my OMV panel, and the second one for Nextcloud. Nextcloud works very well with the Nginx and MySQL plugin. The only thing I need is a second letsencrypt certificate for my second hostname. The http version works flawlessly. When I add the second domain name to letsencrypt, nothing happens. I've added an image for help.
Does anyone know how to add multiple certificates? Thanks in advance!

You must disable the certificate in your nginx and probably in your OMV web page. At the moment when you create a new certificate, you don't use the old letsencrypt certificate on every nginx plugin or OMV.

I've tried that multiple times. The second certificate will not appear in the list of the nginx plugin. Did you mean a second certificate is not needed for both OMV web and Nextcloud?
I'm back from vacation, that's the reason why my reply is a little bit late.
A new domain with no-ip gives the same result. I think it's not a domain problem. Maybe the plugin?

Hey there,
I just found out that my OMV does not generate the certificate for a second given domain.
In the plugin section I defined: "a.mydomain.com,b.mydomain.com" (without quotes) as domains.
After pressing "Generate Certificates" I only receive a.mydomain.com in my "live" folder from LetsEncrypt.